annual risk assessment of va’s charge card program · to assess program risk, the team identified...

REVIEW JUNE 10, 2020 REPORT #20-00417-170

Office of Audits and Evaluations

DEPARTMENT OF VETERANS AFFAIRS

Fiscal Year 2019 Risk Assessment of VA’s Charge Card Program

In addition to general privacy laws that govern release of medical information, disclosure of certain veteran health or other private information may be prohibited by various federal statutes including, but not limited to, 38 U.S.C. §§ 5701, 5705, and 7332, absent an exemption or other specified circumstances. As mandated by law, the OIG adheres to privacy and confidentiality laws and regulations protecting veteran health or other private information in this report.

Report suspected wrongdoing in VA programs and operations to the VA OIG Hotline:

www.va.gov/oig/hotline

1-800-488-8244

The mission of the Office of Inspector General is to serve veterans and the public by conducting effective oversight of the programs and operations of the Department of Veterans Affairs through independent audits, inspections, reviews, and investigations.

VA OIG 20-00417-170 | Page 1 | June 10, 2020

DEPARTMENT OF VETERANS AFFAIRS OFFICE OF INSPECTOR GENERAL

WASHINGTON, DC 20001

MEMORANDUM

Date: June 10, 2020

To: Inspector General (50)

From: Assistant Inspector General for Audits and Evaluations (52)

Subject: Fiscal Year (FY) 2019 Risk Assessment of VA’s Charge Card Program

In this annual assessment mandated by the Government Charge Card Abuse Prevention Act of 2012, the VA Office of Inspector General (OIG) determined that VA’s Purchase Card Program, which had more than $5 billion in transactions in FY 2019, remains at medium risk of illegal, improper, or erroneous purchases. The assessment covered VA’s three types of charge cards—purchase cards including convenience checks, travel cards, and fleet cards—and employed data mining of purchase card transactions.1 Data identified potential misuse of purchase cards, and OIG investigations and reviews continue to identify patterns of purchase card transactions that do not comply with the Federal Acquisition Regulation (FAR) and VA policies and procedures.As for VA’s Travel and Fleet Card Programs, which represented only about 3.0 percent and about 0.3 percent respectively of total FY 2019 spending through charge card transactions, the OIG found they have a low risk of illegal, improper, or erroneous purchases. The OIG plans further audits of VA’s charge card expenditures and continues to investigate individual cases of purchase card abuse.

Background The Government Charge Card Abuse Prevention Act of 2012 was enacted to prevent abuse in federal charge card programs.2 That law and the Office of Management and Budget (OMB) Memorandum M-13-21, “Implementation of the Government Charge Card Abuse Prevention Act of 2012,” require inspectors general to conduct periodic risk assessments of illegal, improper, or erroneous purchases in charge card programs. Inspectors general are required to use these risk assessments to determine the scope, frequency and number of periodic audits of charge card programs. Federal agencies get charge cards from the General Services Administration’s (GSA)

1 Federal Agency Data Mining Reporting Act of 2007, 42 U.S.C § 2000ee–3.,(b), 1, “Data mining” refers to performing pattern-based queries, searches, or other analyses of one or more electronic databases, in part, to discover predictive patterns or anomalies indicative of fraud, waste, or abuse of VA resources. 2 Government Charge Card Abuse Prevention Act of 2012, Pub. L. No. 112-194, 41 U.S.C. § 1909.

Fiscal Year 2019 Risk Assessment of VA’s Charge Card Programs

VA OIG 20-00417-170 | Page 2 | June 10, 2020

SmartPay Program, through three GSA SmartPay contractor banks—Citibank, J.P. Morgan, and U.S. Bank.

According to the GSA, these charge cards enable authorized government employees to make purchases on behalf of the federal government in support of their organizations’ missions.3

Charge cards help agencies simplify acquisition procedures and provide a low-cost, efficient vehicle for obtaining goods and services directly from vendors.4

Scope and Methodology The OIG conducted its risk assessment from November 2019 through March 2020. To accomplish the review, the risk assessment team used data mining to evaluate the three types of charge cards used by VA. The team reviewed VA policies, procedures, and other controls applicable to these charge card programs. The team also analyzed FY 2018 and FY 2019 charge card data to identify transactions or patterns of activity that represented potentially illegal, improper, or erroneous charge card purchases, and to measure year-to-year changes in charge card use. Due to the limited scope of the risk assessment, the team did not verify individual transactions.

The team established and used the criteria in table 1 to assess risk based on the results of data mining.

Table 1. Criteria for Assessing Charge Card Risk

Risk level Criteria

Low

Data analysis determined that less than 5 percent of charge card transactions reviewed were potentially illegal, improper, or erroneous.

Medium

Data analysis determined 5 to 20 percent of charge card transactions reviewed were potentially illegal, improper, or erroneous.

High

Data analysis determined more than 20 percent of charge card transactions reviewed were potentially illegal, improper, or erroneous.

Source: Criteria established by the OIG

3 “GSA SmartPay Saves! The GSA SmartPay Program,” General Services Administration website, accessed March 10, 2020, https://smartpay.gsa.gov/content/about-gsa-smartpay#sa17. 4 “GOVERNMENT PURCHASE CARDS - Control Weaknesses Expose Agencies to Fraud and Abuse,” Statement of Linda M. Calbom Director, Financial Management and Assurance, GAO-02-676T, May 1, 2002, , United States General Accounting Office website, accessed November 05, 2019, https://www.gao.gov/new.items/d02676t.pdf.


VA OIG 20-00417-170 | Page 3 | June 10, 2020

In assessing risk, the team also considered the results and recommendations from prior OIG reviews and investigations that evaluated aspects of charge card programs. The team further reviewed VA’s FY 2018 and FY 2019 annual charge card management plans. OMB Circular A-123, app. B, rev. August 2019, requires that VA develop, issue, and maintain written policies and procedures for the appropriate use of charge cards. The plan is important because such written formal policies and procedures are critical to assure that a system of internal controls are followed and minimize the potential for fraud, misuse, and delinquency.5 Finally, the team reviewed VA’s Semiannual Report on Purchase Charge Card Violations, which it received from the Financial Services Center on January 14, 2020. This report describes confirmed charge card violations involving misuse of a purchase card, adverse personnel actions, punishments, or other actions taken for reportable violations as well as a status of pending violations involving purchase cards.

Assessment 1: VA’s Government Purchase Card Program Is at Medium Risk for Illegal, Improper, or Erroneous Purchases and Payments VA’s Government Purchase Card Program is the largest VA charge card program, as measured both by the number of transactions and the amount of spending. Agency purchase card spending increased by $404.3 million, from about $4.6 billion in FY 2018 to $5.03 billion in FY 2019. The number of purchase card transactions also increased, from approximately 7.1 million to about 7.2 million. VA had 13,376 purchase cardholders in FY 2019, about 3.6 percent of VA’s workforce of approximately 373,000 employees and a decrease of about 200 purchase cardholders from FY 2018. The continuing growth in the VA Government Purchase Card Program makes it important to have strong controls over purchase card use to safeguard government resources and ensure compliance with policies and procedures that reduce the risk of error, fraud, waste, or abuse.

Purchase Card Data The risk assessment team analyzed FY 2019 purchase card data to identify transactions or patterns of activity that suggested illegal, improper, or erroneous purchases, such as the following:

· Potential duplicate payments

· Potential split purchases

5 Office of Management and Budget, OMB Circular A-123, app. B, “A Risk Management Framework for Government Charge Card Programs,” August 27, 2019, accessed November 06, 2019, https://www.whitehouse.gov/wp-content/uploads/2019/08/Issuance-of-Revised-Appendix-B-to-OMB-Circular-A-123.pdf.


VA OIG 20-00417-170 | Page 4 | June 10, 2020

· Approving officials assigned more than 25 cardholders

· Inadequate recording or reporting of financial information

· Surges in year-end purchase card spending

· Convenience check usage and for higher-risk purchases from nonfinancial institutions for purchases such as stored-value cards, foreign currency, money orders, and traveler’s checks

Table 2 shows the number and value of potential duplicate transactions and potential split transactions, and the number of approving officials assigned more than 25 purchase card accounts.

Table 2. Data for the Purchase Card Risk Assessment

Measure FY 2018 FY 2019 Change from FY 2018 to FY 2019

Purchase card transactions 7,107,305 7,168,677 61,372

Amount of purchase card charges $4,627,296,188 $5,031,619,723 $404,323,535

Purchase cardholders 13,762 13,532 (230)

Potential duplicate transactions 1,835,304 1,805,860 (29,444)

Potential duplicates as a percentage of total transactions 25.8% 25.2% (0.6%)

Potential split transactions 700,808 226,433 (474,375)

Potential splits as a percentage of total transactions 9.9% 3.2% (6.7%)

Approving officials assigned more than 25 purchase card accounts 224 154 (70)

Source: OIG analysis of VA charge card data

The risk assessment team determined the risk of illegal, improper, or erroneous purchases in VA’s Government Purchase Card Program is medium. This is the same assessment the OIG made last year based on VA’s FY 2018 purchase card data. The team assigned its risk assessment based on the data in table 2.

The potential duplicate transactions meet the table 1 criteria for high risk. However, the team also considered other qualitative factors. For example, the amount of potential split purchases


VA OIG 20-00417-170 | Page 5 | June 10, 2020

relative to the total percentage of purchase card transactions decreased from 9.9 percent of transactions in FY 2018 to 3.2 percent of transactions in FY 2019, in the third consecutive annual decrease. Taking the additional information into account, the team determined the risk is medium, consistent with the OIG’s prior assessment.

Potential Duplicate Payments Duplicate payments occur when VA erroneously pays a merchant more than once for the same good or service. This results in an overpayment and can lead to the additional expense of trying to recover overpayments that are identified. Duplicate payments pose a risk of financial loss to VA regardless of whether the transactions were inadvertent—processing errors or inaccurate record keeping—or fraudulent. VA policy requires cardholders to report such unauthorized charges to their approving officials and the agency’s or organization’s program coordinator to ensure that the federal government ultimately pays only once.

To assess program risk, the team identified potential duplicate payments by matching transactions that had the same purchase date, merchant name, credit card number, and dollar amount. Using this method, the team identified about 1.8 million potential duplicate payments in FY 2019, totaling approximately $405.7 million. This amount reflects approximately a 1.5 percent decrease in dollar amount from FY 2018. Due to the limited scope of the risk assessment, the team did not determine if these transactions were duplicate payments. The OIG is conducting separate financial management reviews at VA Medical Centers that examine transactional data to determine if duplicate payments occurred.

Potential Split Purchases A split purchase occurs when a cardholder intentionally makes two or more payments for a single purchase to avoid exceeding the micropurchase threshold.6 The FAR prohibits purchases from being split to qualify for simplified acquisition procedures or to avoid requirements that apply to purchases above the micropurchase threshold.7

To assess program risk, the team matched only transactions with the same purchase date, merchant name, credit card number, and a total greater than the micropurchase threshold of $10,000. The risk assessment team identified about 226,400 potential split purchases totaling approximately $564.7 million, down from almost 701,000 potential split purchases totaling over $799 million for FY 2018. Due to the limited scope of a risk assessment, the team did not determine if these transactions were split purchases. The OIG is conducting separate financial management reviews at VA Medical Centers that examine transactional data to determine if split purchases occurred.

6 VA Financial Policies and Procedures, vol. 16, chap. 1B, “Government Purchase Card for Micro-Purchases,” June 2018 and February 2019. 7 Federal Acquisition Regulation, 13.003 Policy, (c)(2), Issued Fiscal Year 2019.


VA OIG 20-00417-170 | Page 6 | June 10, 2020

Excessive Number of Cardholders per Approving Official VA policy limits approving officials—people who authorize cardholder purchases, ensure payment charges are reconciled to monthly billing statements, and ensure purchase cards are used properly—to no more than 25 purchase card accounts. This limit does not apply to Veterans Health Administration prosthetic purchase card accounts, and up to 40 of these may be assigned to one approving official.8 When the number of cardholders assigned to an approving official exceeds 25, or 40 for prosthetic card accounts, the approving official may not effectively review and verify purchase card transactions.

The risk assessment team identified 154 approving officials who were assigned more than 25 purchase card accounts each, amounting to 12,348 cardholders in the aggregate and translating into an average of approximately 80 cards per approving official. The 12,348 cardholders conducted 3,125,495 transactions totaling about $1.9 billion during FY 2019. The team’s analysis did not include sample testing of purchase card accounts, and therefore it did not determine how many of those accounts were designated as prosthetics purchase card accounts.

Inadequate Recording or Reporting VA maintains a cost center structure to facilitate the correct identification and recording of costs. Use of cost centers identifies the office or suborganization and ensures proper accounting records and financial transactions. In addition, budget object codes are used to record and report the classification of purchases made by the federal government into specific object classses of items or services.The use of both cost center and budget object codes are necessary to capture accurate cost information associated with VA purchasing.

The risk assessment team identified nearly 6,181 transactions totaling approximately $4.9 million in which VA’s financial records did not indicate the cost center, the office or suborganization associated with the transaction. In another 4,663 transactions, totaling approximately $3.2 million, VA’s financial records did not include a budget object code to explain the nature of the transaction. Cost center descriptions and budget object codes are necessary to ensure adequate recording and reporting of purchase card transactions.

Improper Year-End Spending VA data show a surge of year-end purchase card spending in FY 2019. During the first 10 months of FY 2019, VA averaged about 612,000 purchase card transactions with an average of approximately $414.6 million in spending per month. This average increased to about 637,000 transactions with an average of about $452 million in spending per month during the last two months of the fiscal year, up approximately 4 percent and approximately 8 percent respectively.

8 VA Financial Policies and Procedures, vol. 16, chap. 1A, “Administrative Actions for Government Purchase Cards,” June 2018.


VA OIG 20-00417-170 | Page 7 | June 10, 2020

The increase could reflect a rush to spend unused appropriations at the end of the fiscal year, creating the potential for wasteful or abusive procurement practices, such as purchasing goods or services that do not meet legitimate government needs.

Questionable Convenience Check Purchases Convenience checks are intended for use only with merchants who do not accept purchase cards or electronic funds transfers. Convenience checks are written against purchase card accounts. VA policy states that convenience checks are a payment method of last resort and may only be used when no reasonable alternative merchant that accepts purchase cards or electronic funds transfers is available. VA policy considers all convenience check purchases inherently risky.9

The risk assessment team found that VA issued 1,544 convenience checks with a total value of approximately $1.3 million in FY 2019. VA reported completing monthly reviews for all convenience checks, and an additional in-depth review on 376. An additional in-depth review takes place for checks that were written for amounts over $5,000, potentially paid to employees, questionable merchants, merchants the bank labels “Illegible,” or any other transactions that appear suspicious. The convenience checks that were identified for additional reviews amounted to $307,000 in total spending and 23 percent of the total convenience checks. One violation surfaced in the additional reviews, and the station responsible agreed to resolve it.

Additional Information Considered in Assessment In addition to the data analysis, the team considered previously issued OIG reports and recommendations, results from investigations of misuse and fraudulent use, and other risk assessment and internal control factors.

Previously Issued OIG Reports and Recommendations An OIG report published in March 2018 found a lack of appropriate controls over purchase card use at the Washington, DC VA Medical Center.10 The OIG found that a purchasing agent at this medical center fraudulently purchased eight Microsoft Surface Pro computers, eight iPhones, and two iPads, all for a single veteran during 2016. Another example of lack of controls in the same report indentified the medical center chief logistics officer as being responsible for approving expenditures made by nonlogistics staff with such purchases with those cards not adequately tracked.

9 VA Financial Policy, vol. 16, chap. 1C, “Government Convenience Checks,” June 2018. 10 VA OIG, VHA Critical Deficiencies at the Washington, DC VA Medical Center, 17-02644-130, March 7, 2018.


VA OIG 20-00417-170 | Page 8 | June 10, 2020

In July 2018, the OIG substantiated an allegation that employees at the VA St. Louis Health Care System made split purchases.11 Out of 268 purchases, cardholders made 25 split purchases valued at approximately $61,000 during the period of review in 2014 and 2015.

Results of OIG Investigations The OIG’s Office of Investigations continues to identify patterns of misuse and fraudulent use of purchase cards. From FY 2015 through FY 2019, OIG criminal investigators reported that they opened 16 cases regarding the misuse of purchase cards.

OIG investigations found cardholders misused purchase cards for

· Inflating vendor invoices and receiving kickbacks;

· Making split purchases that would have otherwise exceeded the micropurchase threshold;

· Making unnecessary purchases and receiving kickbacks;

· Making authorized purchases for supplies and equipment, then misappropriating those items for personal use;

· Agreeing to accept sporting event tickets in exchange for future preferential treatment; and

· Making payments to contractors for work that was not completed.

From October 2018 through September 2019, the OIG Office of Investigations reported closing 18 purchase card fraud cases that were not substantiated and five that were substantiated. Two cases are described below:

· Kickbacks: A former VA supervisor made purchase card payments totaling approximately $451,000 to three vendors for unnecessary maintenance work at a medical center. The vendors kicked back approximately $136,500 in cash to the former VA supervisor. The investigation resulted in six contractor suspensions and debarments for all involved vendors and the company owners, one employee resignation, five arrests, four indictments, four criminal convictions, and one pre-trial diversion agreement. The convictions resulted in a total of 174 months of probation, 20 months of incarceration, three court ordered therapies, and approximately $273,000 in court ordered restitution and special assessments.

· Quid Pro Quo: During the course of another purchase card fraud investigation, investigators found that eight former VA employees admitted to accepting sporting event tickets in exchange for purchasing items or agreeing to purchase items in the future from a vendor. The investigation resulted in administrative action by VA supervisors. VA

11 VA OIG, Alleged Split Purchases at the VA St. Louis Health Care System, 16-02863-199, July 17, 2018.


VA OIG 20-00417-170 | Page 9 | June 10, 2020

suspended seven employees for a combined total of 84 days, which resulted in a cost savings of approximately $17,379 to VA. The other employee was the subject of the aforementioned kickbacks investigation.

The OIG’s Office of Investigations found fraudulent use of purchase cards, which are indicative of risk; however, the risk assessment team also considered that in FY 2019, VA decreased potential duplicate transactions as a percent of all purchase card transactions and decreased potential split transactions as a percent of all purchase card transactions. Therefore, the team maintained the risk level at medium, consistent with the prior assessment.

Other Risk Assessment and Internal Control Factors OIG also considered in its medium risk level that VA continued to maintain its charge card management plan in FY 2019, as required by OMB Circular A-123, app. B. The OIG also considered the results of VA’s semiannual reports on purchase card violations and the presence of VA’s Office of Business Oversight’s which has a management role in purchase cards to support operations and improve controls.

VA’s Charge Card Management Plan

VA continued to maintain its charge card management plan in FY 2019, as required by OMB Circular A-123, app. B. The circular consolidates requirements and guidance to agencies regarding how to maintain internal controls that reduce the risk of fraud, waste, and error in government charge card programs. Maintaining a charge card management plan is important because it establishes internal controls that minimize the potential for fraud, misuse, and delinquency. VA’s FY 2019 Charge Card Management Plan includes

· Responsibilities of key personnel,

· Procedures for issuing a purchase card,

· Process to ensure credit worthiness for new charge card applicants,

· Training requirements for purchase cardholders,

· Management controls, policies, and practices for ensuring appropriate charge card and convenience check use,

· Establishment of appropriate authorization controls,

· Acknowledgement of agency policies and practices developed to ensure appropriate consideration by cardholders of category management and strategic sourcing,

· Explanation of how available reports and data are used for monitoring efficiencies,

· Record-keeping requirements, and


VA OIG 20-00417-170 | Page 10 | June 10, 2020

· Policies for the closure or transfer of charge cards and maintenance of other documentation when employees terminate employment.

VA submitted this plan to OMB on January 14, 2020, and addressed all required elements.

VA’s Semiannual Reports on Purchase Charge Card Violations

The Government Charge Card Abuse Prevention Act of 2012 directs the VA Secretary and VA Inspector General, on a semiannual basis, to submit to the OMB director a joint report that describes confirmed violations involving the misuse of a purchase card, and all adverse actions, punishment, or other action taken based on each violation.

VA reported three confirmed violations involving loss, waste, or misuse of a purchase card in FY 2019. The report also listed the corresponding adverse personnel actions as counseling for one violator and suspension of a second, and noted demotion for a third. The third employee, however, resigned before the demotion action took place.

VA’s Office of Business Oversight Reviews of Purchase Card Transactions

The Office of Business Oversight is part of the VA Office of Management and is dedicated to improving internal controls. It provides targeted oversight of business processes most vulnerable to improper payment, fraud, waste, or abuse. As part of this mission, the Office of Business Oversight’s Financial Risk Oversight Service documents and assesses VA’s internal controls framework and provides auditing, testing, and remediation assistance to VA management to support effective and efficient operations and assist in improving controls over financial reporting to fulfill VA’s commitment to veterans.

Assessment 1 Conclusion VA’s Government Purchase Card Program remains at medium risk of illegal, improper, or erroneous purchases. The data mining of purchase card transactions identified potential misuse of purchase cards, while OIG investigations and reviews continue to identify patterns of purchase card transactions that do not comply with the FAR and VA policies and procedures.

The OIG will use this risk assessment to evaluate the need for future audits of the VA Government Purchase Card Program. The OIG’s Office of Investigations continues to perform work on individual cases of purchase card abuse.


VA OIG 20-00417-170 | Page 11 | June 10, 2020

Assessment 2: VA’s Travel Card Program Is at Low Risk for Illegal, Improper, or Erroneous Purchases and Payments Congress has mandated that federal employees use government travel charge cards for payments of expenses related to official government travel.12 Approving officials, typically a supervisor, should ensure that travelers use their government-issued travel cards for purchases of travel-related services or products such as rental cars and hotel rooms. The government reimburses travelers for authorized expenses, and the cardholder is responsible for making payments to the bank that issued the card. VA has established policies and procedures regarding VA’s Travel Charge Card Program.13 During FY 2019, about 33,000 of VA’s approximately 373,000 employees used travel cards to make about 1.2 million transactions totaling approximately $157 million.

The risk assessment team determined the risk of illegal, improper, or erroneous purchases in VA’s Government Travel Charge Card Program is low. The team made this determination because the FY 2019 potential duplicate transactions and potential split purchases each made up less than 1 percent of travel card transactions. VA data shows about $157 million in travel card transactions in FY 2019, which represented only about 3 percent of the approximately $5.2 billion VA spent on charge card transactions.

Travel Card Data The risk assessment team performed data mining of VA’s FY 2019 travel card transactions to identify transactions or patterns of activity that suggest illegal, improper, or erroneous purchases. Table 3 shows the results, including the number and values of potential duplicate transactions and potential split transactions.

Table 3. Data for the Travel Card Risk Assessment

Measure FY 2018 FY 2019

Change from FY 2018 to FY 2019

Travel card transactions 977,678 1,176,456 198,778

Amount of travel card charges $130,677,385 $156,972,209 $26,294,824

Travel cardholders 30,276 33,032 2,756

Potential duplicate transactions 7,210 11,102 3,892

12 Travel and Transportation Reform Act of 1998, Pub. L. No. 105-264, 112 Stat. 2350 (1998). 13 VA Financial Policy, vol. 16, chap. 2, “Government Travel Charge Card Program,” September 2017.


VA OIG 20-00417-170 | Page 12 | June 10, 2020



Potential split transactions 931 939 8


Out of the approximately 1.2 million travel card transactions in FY 2019, data mining identified 11,102 potential duplicates compared with 7,210 in FY 2018. These transactions totaled about $1.1 million, a spending increase of $283,000 from FY 2018.

Out of the approximately 1.2 million travel card transactions in FY 2019, data mining identified 939 potential split purchases compared with 931 in FY 2018. These transactions totaled about $2 million, a spending increase of approximately $433,000 from FY 2018.

The risk assessment team also identified 543 cardholders who used their cards an average of 100 to 999 times per month during FY 2019. However, the team did not consider this an excessive use of travel cards for two reasons: (1) VA creates accounts for facility employees who use the cards extensively for beneficiary (veterans/patients) travel programs and (2) VA policy requires such cardholders to reconcile all charges on such travel card billing statements monthly.

VA’s Charge Card Management Plan VA’s FY 2019 Charge Card Management Plan outlines VA policies and procedures established to mitigate travel card misuse and abuse and includes

· Procedures for evaluating the creditworthiness of travel cardholders;

· Requirements for travel cardholders to receive training every three years;

· Record-keeping requirements;

· Travel card risks, and controls implemented to mitigate them to the greatest extentpossible;

· A list of reports available to officials to manage the Travel Charge Card Program;

· Procedures for identifying and resolving travel card delinquencies and ensuringappropriate card use; and

· Disciplinary procedures for cardholders who misuse travel cards.

Proper and consistent implementation of the plan should reduce the risk of illegal, improper, or erroneous use of travel cards.


VA OIG 20-00417-170 | Page 13 | June 10, 2020

Assessment 2 Conclusion VA’s Travel Card Program remains at low risk of illegal, improper, or erroneous purchases. The risk assessment team assigned a low risk level primarily because data mining showed a low percentage of potential duplicate and split purchases. In addition, travel card transactions represented only about 3 percent of the approximately $5.2 billion spent by VA on charge card transactions during FY 2019.

Assessment 3: VA’s Fleet Card Program Is at Low Risk of Illegal, Improper, or Erroneous Purchases and Payments VA issues fleet cards for all VA-owned and VA-leased vehicles. Individual cardholders are not identified in the Fleet Card Program; instead, fleet cards are issued under the vehicle license plate number or are identified by the equipment that the cards will service, for example small engine vehicles such as golf carts, riding lawn mowers, on-site generators, and other grounds equipment. VA fleet cards are used to pay for vehicles’ fuel, maintenance, and repair.14 During FY 2019, VA cardholders used fleet cards to make about 225,000 transactions totaling approximately $18 million.

The risk assessment team determined the risk of illegal, improper, or erroneous purchases in VA’s Fleet Card Program is low. The team made this determination because data mining showed that potential duplicate and potential split purchases transactions made up less than 1 percent of FY 2019 fleet card transactions. VA had about $18 million in fleet card charges in FY 2019, which represented only about 0.3 percent of the approximately $5.2 billion total VA spent on charge card transactions. Although the team assessed a low risk level, data mining of FY 2019 fleet card transactions also identified purchases from questionable merchants.

Fleet Card Data The OIG performed data mining of VA’s reported FY 2019 fleet card transactions to identify patterns of activity that suggest illegal, improper, or erroneous purchases. In addition, the risk assessment team identified 1,134 fleet card transactions totaling $336,712 from vendors with merchant category codes not normally associated with fleet cards, such as glassware, sporting goods, home furnishings, and exterminating services. However, the $336,712 amount represents only about 2 percent of approximately $18 million spent on FY 2019 fleet card transactions. The data in table 4 shows the number of potential duplicate transactions and potential split transactions.

14 VA Financial Policies and Procedures, vol. 16, chap. 3, “Government Fleet Charge Card,” November 2011.


VA OIG 20-00417-170 | Page 14 | June 10, 2020

Table 4. Data for the Fleet Card Risk Assessment



Fleet card transactions 231,187 224,648 (6,539)

Amount of fleet card charges $17,475,938 $18,080,663 $604,725

Number of fleet cards 4,296 4,457 161

Potential duplicate transactions 799 617 (182)

Potential split transactions 50 62 12


VA’s Charge Card Management Plan VA’s FY 2019 Charge Card Management Plan outlines VA policies, procedures, and other controls to help mitigate fleet card fraud and misuse. The plan includes

· Procedures for issuing fleet cards by vehicle license number,

· Requirements for fleet card users to receive training annually and fleet card approvers to complete training every two years,

· Record-keeping requirements,

· Procedures for closing accounts when vehicles are removed from service,

· Fleet card risks, and controls implemented to mitigate them,

· Reports available to officials to manage the Fleet Card Program, and

· Disciplinary procedures for cardholders who misuse fleet cards.

Proper and consistent implementation of the plan should reduce the risk of illegal, improper, or erroneous use of fleet cards.

Assessment 3 Conclusion VA’s Fleet Card Program remains at low risk of illegal, improper, or erroneous purchases. The risk assessment team assigned a low risk level because data mining identified a low number of potential duplicate and split purchases. Moreover, fleet card transaction spending represented only about 0.3 percent of the approximately $5.2 billion total spending by VA on charge card transactions during FY 2019. However, the team did note potential instances of misuse regarding merchant category codes not normally associated with fleet cards.


VA OIG 20-00417-170 | Page 15 | June 10, 2020

Overall Assessment VA’s Purchase Card Program remains at medium risk of illegal, improper, or erroneous purchases. Data mining identified potential misuse of purchase cards, and OIG investigations and reviews continue to identify patterns of purchase card transactions that deviate from the FAR and VA policies and procedures. In contrast, VA’s Travel and Fleet Card Programs have a low risk of illegal, improper, or erroneous purchases. The OIG continues to plan audits of VA’s charge card expenditures, and the OIG Office of Investigations continues to perform work on individual cases of purchase card abuse.

LARRY M. REINKEMEYER Assistant Inspector General for Audits and Evaluations

annual risk assessment of va’s charge card program · to assess program risk, the team identified...

Documents